From: Keith Busch <keith.busch@intel.com>
Date: Thu, 4 Aug 2016 22:09:09 +0000 (-0600)
Subject: x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs
X-Git-Tag: v4.9-rc1~32^2~3^2~1
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Flinux.git;a=commitdiff_plain;h=ee6ee49fd09fa17c92aadf07961d0ff406fceab8

x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs

Fix a potential race when disabling MSI/MSI-X on a VMD domain device.  If
the VMD interrupt service is running, it may see a disabled IRQ.  We can
synchronize RCU just before freeing the MSI descriptor.  This is safe since
the irq_desc lock isn't held, and the descriptor is valid even though it is
disabled.  After vmd_msi_free(), though, the handler is reinitialized to
handle_bad_irq(), so we can't let the VMD ISR's list iteration see the
disabled IRQ after this.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by Jon Derrick: <jonathan.derrick@intel.com>
---

diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
index e785907acb79..57058520f219 100644
--- a/arch/x86/pci/vmd.c
+++ b/arch/x86/pci/vmd.c
@@ -218,6 +218,8 @@ static void vmd_msi_free(struct irq_domain *domain,
 	struct vmd_irq *vmdirq = irq_get_chip_data(virq);
 	unsigned long flags;
 
+	synchronize_rcu();
+
 	/* XXX: Potential optimization to rebalance */
 	raw_spin_lock_irqsave(&list_lock, flags);
 	vmdirq->irq->count--;